# !/usr/bin/env python3
# @Time    : 2020/11/2
# @Author  : caicai
# @File    : poc_exacqVision_cve-2020-9047_2020.py

'''
fofa: exacqVision
'''

from myscan.lib.parse.response_parser import response_parser  ##写了一些操作resonse的方法的类
from myscan.lib.helper.request import request  # 修改了requests.request请求的库，建议使用此库，会在redis计数
from myscan.config import scan_set


class POC():
    def __init__(self, workdata):
        self.dictdata = workdata.get("dictdata")  # python的dict数据，详情请看docs/开发指南Example dict数据示例
        self.url = workdata.get("data")  # self.url为需要测试的url，值为目录url，会以/结尾,如https://www.baidu.com/home/ ,为目录
        self.result = []  # 此result保存dict数据，dict需包含name,url,level,detail字段，detail字段值必须为dict。如下self.result.append代码
        self.name = "exacqVision_cve-2020-9047"
        self.vulmsg = "referer: https://github.com/norrismw/CVE-2020-9047/blob/master/CVE-2020-9047.py"
        self.level = 3  # 0:Low  1:Medium 2:High

    def verify(self):
        # 根据config.py 配置的深度，限定一下目录深度
        if self.url.count("/") > int(scan_set.get("max_dir", 2)) + 2:
            return

        req = {
            "method": "GET",
            "url": self.url + "version.web",
            "timeout": 10,
            "allow_redirects": False,
            "verify": False,
        }
        r = request(**req)
        vuln_versions = ['3.10.4.72058', '3.12.4.76544', '3.8.2.67295', '7.0.2.81005', '7.2.7.86974', '7.4.3.89785',
                         '7.6.4.94391']
        vuln_versions += ['7.8.2.97826', '8.0.6.105408', '8.2.2.107285', '8.4.3.111614', '8.6.3.116175', '8.8.1.118913',
                          '9.0.3.124620']
        vuln_versions += ['9.2.0.127940', '9.4.3.137684', '9.6.7.145949', '9.8.4.149166', '19.03.3.152166',
                          '19.06.4.157118']
        vuln_versions += ['19.09.4.0', '19.12.2.0', '20.03.2.0', '20.06.3.0']

        if r != None and r.status_code == 200 and "text/plain" in r.headers.get("Content-Type") and r.content[
                                                                                                    :20].decode().strip() in vuln_versions:
            parser_ = response_parser(r)
            self.result.append({
                "name": self.name,
                "url": self.url,
                "level": self.level,  # 0:Low  1:Medium 2:High
                "detail": {
                    "vulmsg": self.vulmsg,
                    "request": parser_.getrequestraw(),
                    "response": parser_.getresponseraw()
                }
            })
